[Snort-devel] Stream5 Question

snort user snort.user at ...2499...
Wed Sep 5 14:07:54 EDT 2007


And when a reassembly is done, both the reassembled stream as well as
the current packet goes through the matching engine, right ?
(in both modes - window and flush)




On 9/5/07, Steven Sturges <steve.sturges at ...402...> wrote:
> By deafult Stream5 reassembles every 'n' segments, based on a flush point.
>
> However, any session can be programatically changed/configured to
> use the sliding window policy, which would reassemble with every
> segment along a sliding window that is larger than the flush point.
> Have a look at the stream api header file for details on the
> set_reassembly() function.
>
> Cheers.
> -steve
>
> snort user wrote:
> > Hello and Greetings.
> >
> > Does stream5, in the inline mode, perform reassembly for every tcp
> > segment (with data) ?
> > or is it done every 'n' segments (where n > 1) based on when the flush
> > point is reached ?
> >
> > Thanks
> >
> > -------------------------------------------------------------------------
> > This SF.net email is sponsored by: Splunk Inc.
> > Still grepping through log files to find problems?  Stop.
> > Now Search log events and configuration files using AJAX and a browser.
> > Download your FREE copy of Splunk now >>  http://get.splunk.com/
> > _______________________________________________
> > Snort-devel mailing list
> > Snort-devel at lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/snort-devel
> >
>




More information about the Snort-devel mailing list